io.netty:netty-codec-haproxy
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.netty:netty-codec-haproxypage 1 of 1
- CVE-2022-41881MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.1.86.Final2022-12-12
vulnerable: 4.0.29.Final ... 4.1.9.Final (129 versions)
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched…
- CVE-2026-44893HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.135.Final2026-06-08
vulnerable: 4.0.29.Final ... 4.1.99.Final (178 versions)
Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `…
- CVE-2026-48059HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.135.Final2026-06-11
vulnerable: 4.0.29.Final ... 4.1.99.Final (178 versions)
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a…
Check whether io.netty:netty-codec-haproxy is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.netty:netty-codec-haproxy CVEs against the assets you own.
Start Free Scan →